author | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
---|---|---|
committer | Luca <deri@ntop.org> | 2024-09-16 09:21:17 +0200 |
commit | 6de91c78955a0d85d97518c273366bd9d6ede5de (patch) | |
tree | 841b625835620e2f0f6859a8545c09c542607842 /example | |
parent | b77d3e3ab6d216cda9a092794a5fb8b1eac86fe6 (diff) |
Reworked fingerprint export now in JSON
Diffstat (limited to 'example')
-rw-r--r-- | example/ndpiReader.c | 9 | ||||
-rw-r--r-- | example/reader_util.c | 57 |
2 files changed, 30 insertions, 36 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index b744a8708..a8518d0df 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -943,14 +943,6 @@ void extcap_capture(int datalink_type) {
 /* ********************************** */
-void printFingerprintHeader() {
- if(!fingerprint_fp) return;
-
- fprintf(fingerprint_fp, "#protocol|src_ip|dst_ip|dst_port|family|fingerprint\n");
-}
-
-/* ********************************** */
-
 void printCSVHeader() {
 if(!csv_fp) return;
@@ -1460,7 +1452,6 @@ static void parseOptions(int argc, char **argv) {
 exit(0);
 printCSVHeader();
- printFingerprintHeader();
 #ifndef USE_DPDK
 if(do_extcap_capture) {
diff --git a/example/reader_util.c b/example/reader_util.c
index 51e8c3da0..71f5ed39d 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1042,34 +1042,37 @@ u_int8_t plen2slot(u_int16_t plen) {
 /* ****************************************************** */
-static void dump_raw_fingerprint(struct ndpi_workflow * workflow,
- struct ndpi_flow_info *flow,
- char *fingerprint_family,
- char *fingerprint) {
- char buf[64];
-
- fprintf(fingerprint_fp, "%u|%s|%s|%u|%s|%s|%s\n",
- flow->protocol,flow->src_name, flow->dst_name, ntohs(flow->dst_port),
- ndpi_protocol2name(workflow->ndpi_struct, flow->detected_protocol, buf, sizeof(buf)),
- fingerprint_family, fingerprint);
-}
-
-/* ****************************************************** */
-
-static void dump_flow_fingerprint(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) {
- if(is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) || is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)) {
- if(flow->ndpi_flow->protos.tls_quic.ja4_client_raw != NULL)
- dump_raw_fingerprint(workflow, flow, "JA4r", flow->ndpi_flow->protos.tls_quic.ja4_client_raw);
- } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)
- && (flow->ndpi_flow->protos.dhcp.fingerprint[0] != '\0')) {
- char buf[256];
+static void dump_flow_fingerprint(struct ndpi_workflow * workflow,
+ struct ndpi_flow_info *flow) {
+ ndpi_serializer serializer;
+ bool rc;
+
+ if(ndpi_init_serializer(&serializer, ndpi_serialization_format_json) == -1)
+ return;
- snprintf(buf, sizeof(buf), "%s_%s",
- flow->ndpi_flow->protos.dhcp.options,
- flow->ndpi_flow->protos.dhcp.fingerprint);
-
- dump_raw_fingerprint(workflow, flow, "DHCP_r", buf);
- }
+ ndpi_serialize_start_of_block(&serializer, "fingerprint");
+ rc = ndpi_serialize_flow_fingerprint(flow->ndpi_flow, &serializer);
+ ndpi_serialize_end_of_block(&serializer);
+
+ if(rc) {
+ char buf[64], *buffer;
+ u_int32_t buffer_len;
+
+ ndpi_serialize_string_uint32(&serializer, "proto", flow->protocol);
+ ndpi_serialize_string_string(&serializer, "cli_ip", flow->src_name);
+ ndpi_serialize_string_uint32(&serializer, "cli_port", ntohs(flow->src_port));
+ ndpi_serialize_string_string(&serializer, "srv_ip", flow->dst_name);
+ ndpi_serialize_string_uint32(&serializer, "srv_port", ntohs(flow->dst_port));
+ ndpi_serialize_string_string(&serializer, "proto",
+ ndpi_protocol2name(workflow->ndpi_struct,
+ flow->detected_protocol,
+ buf, sizeof(buf)));
+
+ buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);
+ fprintf(fingerprint_fp, "%s\n", buffer);
+ }
+
+ ndpi_term_serializer(&serializer);
 }
 /* ****************************************************** */ |
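Review bot: The new `dump_flow_fingerprint` writes the key `"proto"` twice, once with `flow->protocol` and once with the `ndpi_protocol2name(...)` string, so unless the serializer de-duplicates keys (not visible here) each record carries an ambiguous field and most JSON consumers will keep only one value. Give the second call a distinct key, for example `ndpi_serialize_string_string(&serializer, "ndpi_proto", ...)` (suggested name). The pointer returned by `ndpi_serializer_get_buffer()` and the return values of the `ndpi_serialize_*` calls are used unchecked, so a serializer failure could hand `fprintf` a NULL or truncated buffer; `if(buffer != NULL) fprintf(fingerprint_fp, "%s\n", buffer);` would guard the write. `fingerprint_fp` is not tested in this function, presumably because the caller outside the hunk does so. A short header comment such as `/* Emits one JSON object per line to fingerprint_fp; field values derive from captured traffic */` would tell downstream log parsers that the pipe-delimited format is gone.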